Pick a lesson below to get started.

Learn how to keep your customers' personally identifiable information safe through encryption, two-factor authentication, request blocking, and deploying a web application firewall.

Coming Soon

1. Ruby on Rails Authentication with Devise

Use a trusted library like Devise for authentication, which uses the secure bcrypt algorithm to hash passwords.
Coming Soon

2. Two Factor Authentication with Devise

Encourage (or require) users to enable two-factor authentication and supply a one-time password (OTP) code along with their password when they log in. OTPs can be generated with apps such as 1Password, Google Authenticator, or Authy.

Coming Soon

3. Rate Limit Login Attempts by IP with Rack::Attack

Rack::Attack is middleware for throttling and blocking requests. By limiting login attempts per IP address, we can slow credential stuffing attacks, in which email/password pairs gathered from a breach of another site are tested against your site.

Coming Soon

4. Secure Your Login Page with an Invisible CAPTCHA

Add Google's invisible reCAPTCHA to your login page to prevent automated login attempts, which significantly slows down a credential stuffing or password spraying attack.

Coming Soon

5. Protect Your Rails App with AWS WAF

AWS WAF is a web application firewall that lets you define rules controlling which traffic is allowed to reach your application and which is denied. You can block common threats like SQL injection or XSS attacks, block requests from known-bad IP addresses, prevent DDoS attacks, set up a honeypot for bots, and restrict your admin portal to an allowlist of IP addresses.
